» uninstall.exe
Overview
Analysis
File Details

uninstall.exe

孙中元

The executable uninstall.exe has been detected as malware by 3 anti-virus scanners.

File name:

uninstall.exe

Publisher:

孙中元 (signed and verified)

Version:

1.0.0.1

MD5:

7b6239d5432f3bd22fb67e0fb4057f96

SHA-1:

1a89dd2a81ddf5d88c2bc8ee54a6649769d3cd31

SHA-256:

dd36c2a441333350517a68d0196ff50c4df9dfc0d256833fe9b12ae21240ac2b

Scanner detections:

3 / 68

Status:

Malware

Analysis date:

11/28/2024 4:38:51 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Malware-gen

2014.9-160122

Kaspersky

HEUR:Trojan.Win32.Generic

14.0.0.779

Trend Micro House Call

TROJ_GEN.R047H07BJ15

7.2.22

File size:

611.6 KB (626,320 bytes)

Product version:

1.0.0.1

File type:

Executable application (Win32 EXE)

Language:

Chinese (Simplified, PRC)

Common path:

C:\users\{user}\appdata\roaming\liangxiawallpaper\uninstall.exe

Digital Signature

Signed by:

孙中元

Authority:

Unizeto Technologies S.A.

Valid from:

1/6/2014 8:00:00 AM

Valid to:

1/6/2015 8:00:00 AM

Subject:

CN="Open Source Developer, 孙中元", O=孙中元, C=CN

Issuer:

CN=Certum Level III CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:

1EFA0F2B42B625FC1E90EF0F3C093B28

File PE Metadata

Compilation timestamp:

1/22/2015 2:21:12 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

12288:U4k0fJBzMGvKRz4xJeAHJrgUQCL1PCL1DdU2CQ/pS:fBz5KRz4xL5QCL1PCL1lpS

Entry address:

0x2F653

Entry point:

E8, 81, 75, 00, 00, E9, 17, FE, FF, FF, 3B, 0D, D4, 07, 46, 00, 75, 02, F3, C3, E9, 01, 76, 00, 00, 6A, 0C, 68, 58, A2, 45, 00, E8, F8, 2C, 00, 00, 83, 65, E4, 00, 8B, 75, 08, 3B, 35, B0, 60, 46, 00, 77, 22, 6A, 04, E8, 59, 78, 00, 00, 59, 83, 65, FC, 00, 56, E8, 9B, 80, 00, 00, 59, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 09, 00, 00, 00, 8B, 45, E4, E8, 04, 2D, 00, 00, C3, 6A, 04, E8, 56, 77, 00, 00, 59, C3, 55, 8B, 6C, 24, 08, 83, FD, E0, 0F, 87, 9F, 00, 00, 00, 53, 8B, 1D, C8, C1, 44, 00, 56, 57, 33... 
[+]

Entropy:

6.8752

Code size:

300 KB (307,200 bytes)

Remove uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.